b'OFFICE OF INSPECTOR GENERAL\n\n\nAUDIT OF THE U.S. AFRICAN\nDEVELOPMENT FOUNDATION\xe2\x80\x99S\nFISCAL YEAR 2013\nCOMPLIANCE WITH THE\nFEDERAL INFORMATION\nSECURITY MANAGEMENT ACT\nOF 2002\nAUDIT REPORT NO. A-ADF-14-002-P\nNOVEMBER 27, 2013\n\x0cThis is a summary of our report on the \xe2\x80\x9cAudit of the U.S. African Development Foundation\xe2\x80\x99s\nFiscal Year 2013 Compliance With the Federal Information Security Management Act of 2002.\xe2\x80\x9d\nThe Federal Information Security Management Act of 2002 (FISMA) requires agencies to\ndevelop, document, and implement an agency-wide information security program to protect their\ninformation and information systems, including those provided or managed by another agency,\ncontractor, or other source. The act also requires agencies to have an annual assessment of\ntheir information systems.\n\nThe Office of Inspector General (OIG) contracted with the independent certified public\naccounting firm of Cotton & Company LLP to conduct the audit. Cotton was required to conduct\nthe audit in accordance with U.S. Government Auditing Standards. The objective was to\ndetermine whether the U.S. African Development Foundation (USADF) implemented selected\nminimum security controls for selected information systems to reduce the risk of data tampering,\nunauthorized access to and disclosure of sensitive information, and disruptions to USADF\xe2\x80\x99s\noperations.\n\nThe audit concluded that USADF is in substantial compliance with FISMA and has developed\nand documented the majority of the information security policies and procedures required under\nFISMA. While USADF is in substantial compliance with FISMA, Cotton noted a number of\nweaknesses in which either documented policy and procedures were inadequate or\nmanagement had a policy or procedure but was not following it.\n\nBased on those weaknesses in USADF\xe2\x80\x99s information security controls, OIG made\n17 recommendations to help USADF strengthen its information security program. Management\ndecisions were made on all 17 recommendations.\n\x0cU.S. Agency for International Development \n\n       Office of Inspector General \n\n      1300 Pennsylvania Avenue, NW \n\n          Washington, DC 20523 \n\n            Tel: 202-712-1150 \n\n            Fax: 202-216-3047 \n\n           http://oig.usaid.gov\n\x0c'